Hi all,

according to Aaron’s recommendation, I have created a PR for OAuth 2.1: https://github.com/oauth-wg/oauth-v2-1/pull/230

It references OpenID Connect’s response modes (fragment and form_post) as solutions for Browser-Swapping attacks, which I have presented in today’s OAuth WG meeting. If you have missed my presentation, but are still interested, here are my slides: https://datatracker.ietf.org/meeting/124/materials/slides-124-oauth-sessa-browser-swapping-01

I’m interested in your feedback on this first draft, which currently covers only recommendation #2 from my slides, because this is probably the least controversial change.

If you are attending onsite, also feel free to speak to me in the hallway. My company gave me enough of the “No, PKCE…” t-shirts for the rest of the week, so that it’s easier for you to find me.

@Brian & Mike: I have learned from the best ;-)

Greetings,
Jonas

Jonas Primbs M.Sc.
University of Tübingen
Faculty of Science
Department of Computer Science
Sand 13, 72076 Tübingen, Germany
Tel.: (+49) 7071 / 29-70512
Mail: [email protected]
Web: https://kn.inf.uni-tuebingen.de
